Diffstat (limited to 'demos/blog/protected/Pages/Posts/ViewPost.php')
| -rw-r--r-- | demos/blog/protected/Pages/Posts/ViewPost.php | 59 | 
1 files changed, 38 insertions, 21 deletions
diff --git a/demos/blog/protected/Pages/Posts/ViewPost.php b/demos/blog/protected/Pages/Posts/ViewPost.php
index 309bedc1..84f33cff 100644
--- a/demos/blog/protected/Pages/Posts/ViewPost.php
+++ b/demos/blog/protected/Pages/Posts/ViewPost.php
@@ -1,40 +1,57 @@
 <?php
 +/**
 + * ViewPost class file
 + *
 + * @author Qiang Xue <qiang.xue@gmail.com>
 + * @link http://www.pradosoft.com/
 + * @copyright Copyright © 2006 PradoSoft
 + * @license http://www.pradosoft.com/license/
 + * @version $Revision: $  $Date: $
 + */
 +/**
 + * ViewPost class
 + *
 + * @author Qiang Xue <qiang.xue@gmail.com>
 + * @link http://www.pradosoft.com/
 + * @copyright Copyright © 2006 PradoSoft
 + * @license http://www.pradosoft.com/license/
 + */
  class ViewPost extends BlogPage
  {
 -	private $_postID=null;
  	private $_post=null;
 -	public function getPostID()
 -	{
 -		if($this->_postID===null)
 -			$this->_postID=TPropertyValue::ensureInteger($this->Request['id']);
 -		return $this->_postID;
 -	}
 -
 -	public function getCurrentPost()
 +	public function onInit($param)
  	{
 +		parent::onInit($param);
 +		$id=TPropertyValue::ensureInteger($this->Request['id']);
 +		$this->_post=$this->DataAccess->queryPostByID($id);
  		if($this->_post===null)
 -		{
 -			if(($this->_post=$this->DataAccess->queryPostByID($this->getPostID()))===null)
 -				$this->reportError(BlogErrors::ERROR_POST_NOT_FOUND);
 -		}
 -		return $this->_post;
 +			throw new BlogException(500,'post_id_invalid',$id);
 +		// if post is not published, only the author and admin can view it
 +		if($this->_post->Status!==PostRecord::STATUS_PUBLISHED && !$this->User->IsAdmin && $this->User->ID!==$this->_post->AuthorID)
 +			throw new BlogException(500,'post_view_disallowed',$id);
 +		$this->Title=htmlentities($this->_post->Title,ENT_QUOTES,'UTF-8');
  	}
  	public function getCanEditPost()
  	{
  		$user=$this->getUser();
 -		$authorID=$this->getCurrentPost()->AuthorID;
 -		return $authorID===$user->getID() || $user->isInRole('admin');
 +		return $user->getIsAdmin() || $user->getID()===$this->_post->AuthorID;
 +	}
 +
 +	public function getCurrentPost()
 +	{
 +		return $this->_post;
  	}
  	public function onLoad($param)
  	{
  		parent::onLoad($param);
 -		$this->CategoryList->DataSource=$this->DataAccess->queryCategoriesByPostID($this->getPostID());
 +		$this->Status->Visible=$this->_post->Status!==PostRecord::STATUS_PUBLISHED;
 +		$this->CategoryList->DataSource=$this->DataAccess->queryCategoriesByPostID($this->_post->ID);
  		$this->CategoryList->dataBind();
 -		$this->CommentList->DataSource=$this->DataAccess->queryCommentsByPostID($this->getPostID());
 +		$this->CommentList->DataSource=$this->DataAccess->queryCommentsByPostID($this->_post->ID);
  		$this->CommentList->dataBind();
  	}
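Review bot: Both failure paths added in `onInit` raise `BlogException` with status 500 although neither is a server fault: a post that does not exist is a 404 and a non-author viewing an unpublished post is a 403, so these should read `throw new BlogException(404,'post_id_invalid',$id);` and `throw new BlogException(403,'post_view_disallowed',$id);` (assuming BlogException's first argument is the HTTP status, which its use here suggests). Reporting client-side conditions as 5xx hides probing of unpublished post IDs inside server-error noise and may hand a generic 500 handler a stack trace, whereas 403/404 are the codes access logs and detection rules key on. The ownership check `$this->User->ID!==$this->_post->AuthorID` is strict, so a type mismatch between the session user ID and the record's AuthorID fails closed rather than open; still confirm both are the same type so the author is not locked out of their own drafts.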
@@ -44,11 +61,11 @@ class ViewPost extends BlogPage
 		{
  			$commentRecord=new CommentRecord;
  			$commentRecord->PostID=$this->CurrentPost->ID;
 -			$commentRecord->AuthorName=$this->CommentAuthor->Text;
 +			$commentRecord->AuthorName=$this->CommentAuthor->SafeText;
  			$commentRecord->AuthorEmail=$this->CommentEmail->Text;
 -			$commentRecord->AuthorWebsite=$this->CommentWebsite->Text;
 +			$commentRecord->AuthorWebsite=$this->CommentWebsite->SafeText;
  			$commentRecord->AuthorIP=$this->Request->UserHostAddress;
 -			$commentRecord->Content=$this->CommentContent->Text;
 +			$commentRecord->Content=$this->CommentContent->SafeText;
  			$commentRecord->CreateTime=time();
  			$commentRecord->Status=0;
  			$this->DataAccess->insertComment($commentRecord);
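Review bot: `AuthorEmail` is still taken from `$this->CommentEmail->Text` while the three surrounding fields were moved to `SafeText` in this change, so the address is the one comment field stored without HTML sanitisation; unless it is escaped at every render point it should read `$commentRecord->AuthorEmail=$this->CommentEmail->SafeText;`. `SafeText` strips markup but not URL schemes, so if `AuthorWebsite` is later emitted as a link a `javascript:` value passes through it; validating the scheme on input, e.g. `if(!preg_match('#^https?://#i',$commentRecord->AuthorWebsite)) $commentRecord->AuthorWebsite='';`, closes that. The enclosing method starts before and continues after this hunk, so where the record is rendered cannot be confirmed from here.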
